[GitHub] [apisix] Sn0rt commented on pull request #9948: docs: add proxy_opts attribute for openid-connect.md
Sn0rt commented on PR #9948: URL: https://github.com/apache/apisix/pull/9948#issuecomment-1663432135 > @Sn0rt Is this pr ready? yep. wait the CI. now the LDAP related test case can't pass. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] Sn0rt commented on pull request #9948: docs: add proxy_opts attribute for openid-connect.md
Sn0rt commented on PR #9948: URL: https://github.com/apache/apisix/pull/9948#issuecomment-1663148005 不出意外,我是没有权限往你的分支推送commit. 给你分枝发送PR, 不如将你的 分支 fork 回来, 在你的 HEAD 上添加 commit . 我今天来处理一下这个PR. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] Sn0rt commented on pull request #9948: docs: add proxy_opts attribute for openid-connect.md
Sn0rt commented on PR #9948: URL: https://github.com/apache/apisix/pull/9948#issuecomment-1662118778 > hi @Sn0rt 我更新了插件的schema 但是说来惭愧 我的工作pc是Windows,且因为公司网络原因 make deps时 需要从 github下载依赖时 会有网络问题 (我们工作中使用apisix是直接跑的docker 镜像文件) > > 可以麻烦你帮我运行一下格式化命令? 我再对应做修改吗? 可以, 我将会在你 commit 之后添加 commit 来完善你的需求. 需要先关闭这个 PR, 重新开一个. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] Sn0rt commented on pull request #9948: docs: add proxy_opts attribute for openid-connect.md
Sn0rt commented on PR #9948: URL: https://github.com/apache/apisix/pull/9948#issuecomment-1661748239 Looking forward to you becoming a new contributor to APISIX --- 期待你成为APISIX 新的贡献者 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] Sn0rt commented on pull request #9948: docs: add proxy_opts attribute for openid-connect.md
Sn0rt commented on PR #9948: URL: https://github.com/apache/apisix/pull/9948#issuecomment-1661701416 > hi @Sn0rt 我添加完测试了 不过 现在utils内没有这个reindex文件  > >  https://apisix.apache.org/docs/apisix/building-apisix/ 我想这个链接可能对你有用. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] Sn0rt commented on pull request #9948: docs: add proxy_opts attribute for openid-connect.md
Sn0rt commented on PR #9948:
URL: https://github.com/apache/apisix/pull/9948#issuecomment-1661696163
讲道理, 既然想把这个选项暴露出来为啥没有更新这个地方? `openid-connect.lua`
```lua
local schema = {
type = "object",
properties = {
client_id = {type = "string"},
client_secret = {type = "string"},
discovery = {type = "string"},
scope = {
type = "string",
default = "openid",
},
ssl_verify = {
type = "boolean",
default = false,
},
timeout = {
type = "integer",
minimum = 1,
default = 3,
description = "timeout in seconds",
},
introspection_endpoint = {
type = "string"
},
introspection_endpoint_auth_method = {
type = "string",
default = "client_secret_basic"
},
bearer_only = {
type = "boolean",
default = false,
},
session = {
type = "object",
properties = {
secret = {
type = "string",
description = "the key used for the encrypt and HMAC
calculation",
minLength = 16,
},
},
required = {"secret"},
additionalProperties = false,
},
realm = {
type = "string",
default = "apisix",
},
logout_path = {
type = "string",
default = "/logout",
},
redirect_uri = {
type = "string",
description = "use ngx.var.request_uri if not configured"
},
post_logout_redirect_uri = {
type = "string",
description = "the URI will be redirect when request
logout_path",
},
unauth_action = {
type = "string",
default = "auth",
enum = {"auth", "deny", "pass"},
description = "The action performed when client is not
authorized. Use auth to " ..
"redirect user to identity provider, deny to respond with
401 Unauthorized, and " ..
"pass to allow the request regardless."
},
public_key = {type = "string"},
token_signing_alg_values_expected = {type = "string"},
use_pkce = {
description = "when set to true the PKEC(Proof Key for Code
Exchange) will be used.",
type = "boolean",
default = false
},
set_access_token_header = {
description = "Whether the access token should be added as a
header to the request " ..
"for downstream",
type = "boolean",
default = true
},
access_token_in_authorization_header = {
description = "Whether the access token should be added in the
Authorization " ..
"header as opposed to the X-Access-Token header.",
type = "boolean",
default = false
},
set_id_token_header = {
description = "Whether the ID token should be added in the
X-ID-Token header to " ..
"the request for downstream.",
type = "boolean",
default = true
},
set_userinfo_header = {
description = "Whether the user info token should be added in
the X-Userinfo " ..
"header to the request for downstream.",
type = "boolean",
default = true
},
set_refresh_token_header = {
description = "Whether the refresh token should be added in the
X-Refresh-Token " ..
"header to the request for downstream.",
type = "boolean",
default = false
}
},
encrypt_fields = {"client_secret"},
required = {"client_id", "client_secret", "discovery"}
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [apisix] Sn0rt commented on pull request #9948: docs: add proxy_opts attribute for openid-connect.md
Sn0rt commented on PR #9948:
URL: https://github.com/apache/apisix/pull/9948#issuecomment-1661674307
> > 你测试了这个格式么 "http://username:password@127.0.0.1:8080"; 么?
>
> hi 我这边 只用到了 不需要认证的代理服务器 所以没有试过这个格式
添加一个 test 吧, 内容如下.
```lua
=== TEST 5: Set up new route access the auth server via http proxy
--- ONLY
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/routes/1',
ngx.HTTP_PUT,
[[{
"plugins": {
"openid-connect": {
"client_id":
"kbyuFDidLLm280LIwVFiazOqjO3ty8KH",
"client_secret":
"60Op4HFM0I8ajz0WdiStAbziZ-VFQttXuxixHHs2R7r7-CW8GR79l-mmLqMhc-Sa",
"discovery":
"http://127.0.0.1:1980/.well-known/openid-configuration";,
"redirect_uri": "https://iresty.com";,
"ssl_verify": false,
"timeout": 10,
"scope": "apisix",
"proxy_opts":
"http://username:password@127.0.0.1:8080";,
"use_pkce": false
}
},
"upstream": {
"nodes": {
"127.0.0.1:1980": 1
},
"type": "roundrobin"
},
"uri": "/hello"
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- response_body
passed
```
可以使用下面指令格式化测试文件
```shell
~/w/apisix *master> ./utils/reindex t/plugin/openid-connect.t
reindex: t/plugin/openid-connect.t: skipped.
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [apisix] Sn0rt commented on pull request #9948: docs: add proxy_opts attribute for openid-connect.md
Sn0rt commented on PR #9948: URL: https://github.com/apache/apisix/pull/9948#issuecomment-1661661377 你测试了这个格式么 "http://username:password@127.0.0.1:8080"; 么? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] Sn0rt commented on pull request #9948: docs: add proxy_opts attribute for openid-connect.md
Sn0rt commented on PR #9948: URL: https://github.com/apache/apisix/pull/9948#issuecomment-1661601580 需要多等待一下. 1. 如果能用单元测试覆盖到这个选项最好 (可能有难度 2. 单元测试覆盖不了, 需要多等待一下, 我会把你的代码 fetch 到我的开发环境里面进行回归测试保证对现有的功能不受影响. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] Sn0rt commented on pull request #9948: docs: add proxy_opts attribute for openid-connect.md
Sn0rt commented on PR #9948: URL: https://github.com/apache/apisix/pull/9948#issuecomment-1661582503 看上去不错. 修改一下文档? 我approve 一下 CI. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] Sn0rt commented on pull request #9948: docs: add proxy_opts attribute for openid-connect.md
Sn0rt commented on PR #9948: URL: https://github.com/apache/apisix/pull/9948#issuecomment-1661576032 > 是的 这个PR 其实只加了一个属性到文档,如果使用忽略格式化和空行的git 工具可以更清晰的看到更改. 因为向markdown的的table加了一行, 所以影响到了上面的缩进 问题是你加的这个选项为啥会工作呢? 可以解释一下么? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] Sn0rt commented on pull request #9948: docs: add proxy_opts attribute for openid-connect.md
Sn0rt commented on PR #9948: URL: https://github.com/apache/apisix/pull/9948#issuecomment-1661546203 Thanks for your PR 1. Can the document not be modified so much? I think you should just add a line. 2. Where does this option come from? How to confirm that it works normally, can you explain briefly? Indeed, it may be inconvenient to build tests because it involves proxy. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
